I am looking for...

  • A spider/automated
  • Will find all input fields and queryStrings, then insert potential XSS discoveries
  • Reports any XSS vulnerabilities found
+5  A: 

Post on reddit "I finished securing my site and making it hacker-proof" with a link to it.

Tom Ritter
Lol!
Stefan Mai
+1  A: 

You may want to check out nessus.

http://www.nessus.org/plugins/index.php?view=all&family=CGI+abuses+%3A+XSS

I haven't used them for XSS yet. But for other things I've been pretty happy, and it is free.

nikudesu
A: 

Open source free one by me (as a bookmarklet): http://www.thespanner.co.uk/2009/03/25/xss-rays/

A: 

I found this Firefox addon, XSS me

Zombies
A: 

Try Burp Proxy. I used the free version with some features. For input fields you can try the Firefox plugins XssMe and SOQL Inject Me. I covered all of those in this post: http://www.tgerm.com/2009/02/xss-testing-acceptance-tools-software.html

tgerm